Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- From: http://krebsonsecurity.com/2013/11/no-bail-for-alleged-silk-road-mastermind/
- http://krebsonsecurity.com/wp-content/uploads/2013/11/Ex-D-Dominica-application.pdf
- Looking at Ross Ulbricht's application for citizenship in Dominica and you'll find his mail: rossulbricht@gmail.com
- Searching for this mail in the leaked Adobe database and you get one hit:
- +-----------+------------------------+--------------------------+------+
- | Id | Mail | Pass | Hint |
- +-----------+------------------------+--------------------------+------+
- | 105817612 | rossulbricht@gmail.com | FReA1y3IWOfioxG6CatHBw== | |
- +-----------+------------------------+--------------------------+------+
- Because Adobe encrypted the password in ECB mode, I can see that the length of the password is exactly 8 char long [1].
- His password encrypted: \x15\x17\x80\xD7\x2D\xC8\x58\xE7
- "\x00 + padding" block: \xE2\xA3\x11\xBA\x09\xAB\x47\x07
- However searching for anyone with the same password comes up empty (he must have used a "strong" password), so unless someone finds the key Adobe used to encrypt his password, we will never know what password he used.
- [1] If the length of his password was less than 8 char, then there would only be one block, and if the length of his password was longer than 8 char, then the last block would look different (compare the last part of his password with the last part of the most used passwords: http://stricture-group.com/files/adobe-top100.txt and you'll see).
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement